Manas Biswal Intermediate
Joined: 29 Nov 2002 Posts: 382 Topics: 27 Location: Chennai, India
|
Posted: Fri Dec 02, 2005 4:01 pm Post subject: DB2 on Z.OS Authorities (v7) |
|
|
Hello Members,
The following are all the database level authorities on DB2 on S/390 v7. I have divided the authorities into two logical groups viz. subsytem level and database level. The subsystem level authorities are applicable to all the databases in the subsystem but the database level authorities are applicable only to a particular database. Each authority also lists some of the important facts and permissions(not a complete list) granted to that authority.
Susbystem Level -
Installation SYSADM
- DSNZPARM parameter.
- Assigned during DB2 installation
- This authority is not recorded on the DB2 catalog tables, meaning that even if the tablespace containing the SYSDBAUTH table is down, the installation SYSADM can still work on DB2.
- Only authority which has access to run the CATMAINT utility (Catalog Maintenance utility)
- Can access DB2 started with access (MAINT)
- Can start the catalog and directory databases (DSNDB06 and DSNDB01).
SYSADM
- Access to all data in the subsystem.
- Access to all the tables, views, collections.
- DBADM Authority(explained later in this post) on all the databases in the subsystem.
- Set the SQLID register to any value
- Drop the workfile database (DSNDB07).
- Grant the above privileges to any id/RACF Group.
SYSCTRL
- No Access to data unless explicitly granted.
- DBCTRL Authority(explained later in this post) on all the databases in the subsystem.
- Run utlities on databases in the subsystem.
- Create views on catalog tables
- create tables and aliases in any database on the subsystem.
Installation SYSOPR
- DSNZPARM parameter.
- Assigned during DB2 installation
- This authority is not recorded on the DB2 catalog tables, meaning that even if the tablespace containing the SYSDBAUTH table is down, the installation SYSOPR can still work on DB2.
- Can access DB2 started with access (MAINT)
- Can run utilities on the catalog and directory databases (DSNDB06 and DSNDB01).
SYSOPR
- Runs operator commands/utilities like DISPLAY, STOPALL, RECOVER, TRACE etc.
- Terminate any utility job running in the subsystem.
- Can run DSN1SDMP standalone utility (Dumps of DB2 Trace events).
PACKADM
- All accesses and privileges on all collections in the subsystem.
Database Level -
DBADM
- Access to all the data in all the tables on that database.
- Access to all the tables, views and collections in that database.
- Create a view on any table in the database ( This also needs another DSNZPARM option to be set properly)
DBCTRL
- In general, run all data change utilities on all the tablespaces in the database.
DBMAINT
- Following database privileges
CREATETAB
STARTDB
CREATETS
STATS
DISPLAYDB
STOPDB
IMAGCOPY
TERM UTILITY
For more information, refer to the DB2 UDB v7 for Z/OS Administrative guide.
http://publib.boulder.ibm.com/cgi-bin/bookmgr/BOOKS/dsnagh15/CCONTENTS
Regards,
Manas _________________ There is no path to peace. Peace is the path.
- Mahatma Gandhi (1869-1948) |
|